private signing key expiry data to a plurality of clients, that are selectable on a per client basis
wherein the digital signature key pairs are not shared among users;

digitally storing both selected public key expiry data and selected private key
expiry data for association with a new digital signature key pair; and

associating the stored selected expiry data with a new digital signature key pair to
effect a transition from an old digital signature key pair to a new digital signature key pair

determining whether a digital signature key pair update request has been received
from a client unit;

receiving a new digital signature key pair from the client unit in response to the
digital signature key pair update request; and

wherein the step of associating the stored selected expiry data includes creating a
new digital signature certificate containing the selected public key expiry data selected for the
client that generated the digital signature key pair update request.

2. (Previously amended) The method of claim 1 wherein the selectable expiry data is
digital signature certificate lifetime data for variably setting a lifetime end date for a digital
signature certificate.

3. (Previously amended) The method of claim 1 further including the step of
providing variable update privilege control on a per client basis to the multi-client manager unit
to facilitate denial of updating the digital signature key pair on a per client basis.

4. (Delete) 

5. (Previously amended) The method of claim 1 further comprising the steps of:

determining a digital signature private key lifetime end date and a digital
signature certificate creation date upon a user login to the public key system;

initiating, by a client unit, a digital signature key pair update request based on
whether a difference between a current date and the digital signature private key lifetime end
date (tl) is less than an absolute predetermined period of time and based on whether the
difference between the current date and the digital signature private key lifetime end date (tl) is
less than a selectable predetermined percentage of a total duration of a digital signature private
key lifetime.

6. (Original) The method of claim 1 wherein the step of providing selectable
expiry data on a per client basis includes providing a user interface to facilitate setting of the
selectable expiry data to a desired ; 

7. (Original) The method of claim 1 including generating, by the multi-client
manager unit, the new digital signature key pair for a client in response to the multi-client
manager unit receiving a digital signature key pair update request.

8. (Original) The method of claim 1 including storing a certificate expiration
message in a client directory entry upon determination by the multi-client manager unit of a
digital signature key expiry condition to facilitate a digital signature key pair update request by a
client.



9. (Previously amended) A method for providing updated encryption key pairs in a
public key system comprising the steps of:

providing, through a multi-client manager unit, selectable expiry data including 
public encryption key expiry data associated with a public encryption key that is selectable on a 
per client basis; 

digitally storing selected public encryption key expiry data for association with a 
new encryption key pair; 

generating a new encryption key pair that is not computable from a previous
encryption key pair and 

associating the stored selected expiry data with the new encryption key pair to 
affect a transition from an old encryption key pair to a new encryption key pair. 

10. (Previously amended) The method of claim 9 wherein the step of providing
selectable expiry data includes additionally providing updated digital signature key pairs, the
step of storing includes storing a new digital signature key pair, and the step of associating also
includes associating stored selected expiry data selected for the new digital signature key pair to
affect a transition from an old digital signature key pair to a new digital signature key pair.

11. (Previously amended) The method of claim 10 wherein the selectable expiry data
is digital signature certificate lifetime date for variably setting a lifetime end date for a digital
signature certificate and also includes encryption certificate lifetime data for variably setting a
lifetime end date for an encryption certificate associated with the given client.

12. (Previously amended) The method of claim 11 further including the step of
providing variable update privilege control on a per client basis to the multi-client manager unit
to facilitate denial of updating the digital signature key pair and the encryption key pair.

13. (Original) The method of claim 11 wherein the digital signature certificate 
includes selectable private key lifetime end data. 

14. (Previously amended) A system for providing updated digital signature key pairs
to a plurality of clients in a public key system comprising:

multi-client management means for providing selectable digital signature expiry
data to a plurality of clients and not by a client, including at least both public verification key
expiry data and private signing key expiry data that are selectable on a per client basis wherein
the digital signature key pairs are not shared among users;

means, accessible by the multi-client manager means, for digitally storing both
selected public key expiry data and selected private key expiry data for association with a new
digital signature key pair;

means, responsive to the stored selected public key expiry data, for associating the
stored selected expiry data with the new digital signature key pair to affect a transition from an
old digital signature key pair to a new digital signature key pair;

means for determining whether a digital signature key pair update request has
been received from a client unit;

means for receiving a new digital signature key pair from the client unit in
response to the digital signature key pair update request; and

wherein the means for associating the stored selected expiry data creates a new
digital signature certificate containing the selected public key expiry data selected for the client
that generated the digital signature key pair update request.

15. (Previously amended) The system of claim 14 wherein the selectable expiry data
is digital signature certificate lifetime data for variably setting a lifetime end date for a digital
signature certificate.

16. (Previously amended) The system of claim 14 further including means for 
providing variable update privilege control on a per client basis to the multi-client manager 
means to facilitate denial of updating the digital signature key pair on a per client basis. 

17. (Previously amended) The system of claim 16 wherein the multi-client manager
means includes the means for associating the stored selected expiry data with the new digital
signature key pair and includes the means for providing variable update privilege control.

18. (Delete) 

19. (Previously amended) The system of claim 14 further comprising: 
means for determining a digital signature private key lifetime end date and a
digital signature certificate creation date upon a user login to the public key system;

client means for initiating a digital signature key pair update request based on
whether a difference between a current date and the digital signature private key lifetime end
date (tl) is less than an absolute predetermined period of time and based on whether the
difference between the current date and the digital signature private key lifetime end date (tl) is
less than a selectable predetermined percentage of a total duration of a digital signature private
key lifetime.

20. (Original) The system of claim 14 wherein the means for providing selectable
expiry data on a per client basis provides a user interface to facilitate setting of the selectable 
expiry data to a desired state. 

21. (Currently amended) A storage medium comprising
a stored program for execution by a processor wherein the program facilitates
providing updated digital signature key pairs in a public key system by:

allowing entry of selectable expiry data for a plurality of clients and not through a
client including both at least public verification key expiry data and signing private key expiry
data that are selectable on a per client basis wherein the digital signature key pairs are not shared
among users;

digitally storing both selected public key expiry data and selected private key
expiry data for association with a new digital signature key pair;

associating the stored selected expiry data with the new digital signature key pair
to affect a transition from an old digital signature key pair to a new digital signature key pair;

determining whether a digital signature key pair update request has been received
from a client unit;

receiving a new digital signature key pair from the client unit in response to the
digital signature key pair update request; and

creating a new digital signature certificate containing the selected public key
expiry data selected for the client that generated the digital signature key pair update request.

22. (Previously amended) The storage medium of claim 21 wherein the stored
program allows selection of digital signature certificate lifetime data for variably setting a
lifetime end date for a digital signature certificate.

23. (Previously amended) The storage medium of claim 21 wherein the stored
program further includes affecting variable update privilege control on a per client basis by a
multi-client manager unit to provide denial of updating the digital signature key pair on a per
client basis.

24. (Delete) 

25. (Previously amended) The storage medium of claim 21 wherein the stored
program further facilitates the steps of:

determining a digital signature private key lifetime end date and a digital
signature certificate creation date upon a user login to the public key system;



CH1CAG0/#1143383.1 

Received from < 312 609 5005 > at 10/16/03 1:32:06 PM [Eastern Daylight Time] 



10/16/2003 12:25 FAX 312 608 5003 



VEDDER PRICE KAUFMAN 



initiating, by a client unit, a digital signature key pair update request based on
whether a difference between a current date and the digital signature private key lifetime end
date (tl) is less than an absolute predetermined period of time and based on whether the
difference between the current date and the digital signature private key lifetime end date (tl) is
less than a selectable predetermined percentage of a total duration of a digital signature private
key lifetime.

26. (Previously amended) The storage medium of claim 21 wherein the stored
program provides a user interface to facilitate setting of the selectable expiry data to a desired
state.

27. (Previously presented) The method of Claim 5 wherein the selectable
predetermined percentage of a total duration of a digital signature private key lifetime includes a
selectable period of time.

28. (Previously presented) The system of Claim 19 wherein the selectable
predetermined percentage of a total duration of a digital signature private key lifetime includes a
selectable period of time.

29. (Previously presented) The storage medium of Claim 25 wherein the
selectable predetermined percentage of a total duration of a digital signature private key lifetime
includes a selectable period of time.

30. (Currently amended) A method for providing updated digital signature key pairs 
to a plurality of clients in a public key system comprising the steps of: 

providing, by a multi-client manager unit and not by a client, selectable digital 
signature expiry data including at least public verification key expiry data, and selectable private
signing key expiry data to a plurality of clients, that are selectable on a per client basis wherein
the digital signature key pairs are not shared among users;

digitally storing both selected public key expiry data and selected private key
expiry data for association with a new digital signature key pair;

[associating the stored selected expiry data with the new digital signature key pair
to affect a transition from an old digital signature key pair to a new digital signature key pair;
and]

determining whether a digital signature key pair update request has been received
from a client unit;

receiving a new digital signature key pair from the client unit in response to the
digital signature key pair update request;

associating the stored selected expiry data with the new digital signature key pair
to affect a transition from an old digital signature key pair to a new digital signature key pair;

wherein the step of associating the stored selected expiry data includes creating a
new digital signature certificate containing the selected public key expiry data selected for the
client generating the digital signature key pair update request, a user public key, a user name and
a signature of the multi-client manager unit 
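
The client-side update trigger recited in claims 5, 19 and 25, combined with the per-client update privilege of claims 3, 16 and 23, sketched as an added example that is not part of the filing. The policy field names, the constructed sample clients, taking total lifetime as the span from certificate creation date to private key lifetime end date, and triggering when either threshold is crossed are all assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class ClientPolicy:
    # Per-client settings kept by the manager unit; field names are assumptions.
    update_allowed: bool        # update privilege control (claims 3, 16, 23)
    absolute_window: timedelta  # absolute predetermined period of time
    lifetime_fraction: float    # selectable percentage of total lifetime, 0..1

def update_decision(now, cert_created, key_end, policy, require_both=False):
    """Decide at login whether the client should request a key pair update.

    Assumptions: total lifetime = key_end - cert_created, and crossing either
    threshold triggers the request unless require_both is set.
    """
    if key_end <= cert_created:
        raise ValueError("key end date must be after certificate creation date")
    if not policy.update_allowed:
        return False, "denied"
    remaining = key_end - now
    total = key_end - cert_created
    in_window = remaining < policy.absolute_window
    in_fraction = remaining < total * policy.lifetime_fraction
    due = (in_window and in_fraction) if require_both else (in_window or in_fraction)
    if not due:
        return False, "not-due"
    if remaining <= timedelta(0):
        return True, "expired"
    return True, ("absolute" if in_window else "fraction")

# Constructed sample data: (certificate creation, private key end, policy).
NOW = datetime(2003, 10, 16)
MONTH = timedelta(days=30)
CLIENTS = {
    "long-lived": (datetime(2002, 1, 1), datetime(2004, 1, 1), ClientPolicy(True, MONTH, 0.15)),
    "short-lived": (datetime(2003, 9, 1), datetime(2003, 11, 1), ClientPolicy(True, MONTH, 0.10)),
    "no-privilege": (datetime(2003, 9, 1), datetime(2003, 11, 1), ClientPolicy(False, MONTH, 0.10)),
    "expired": (datetime(2002, 10, 1), datetime(2003, 10, 1), ClientPolicy(True, MONTH, 0.10)),
    "fresh": (datetime(2003, 10, 1), datetime(2005, 10, 1), ClientPolicy(True, MONTH, 0.10)),
}

def evaluate_all(require_both=False):
    return {name: update_decision(NOW, created, end, policy, require_both)
            for name, (created, end, policy) in CLIENTS.items()}

if __name__ == "__main__":
    for name, (due, reason) in evaluate_all().items():
        print(f"{name:13} request_update={due!s:5} reason={reason}")
```

With a two-year key the percentage threshold fires well before the 30-day window, while a two-month key is caught only by the absolute window; requiring both thresholds would delay both requests.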